When attempting to use Azure Active Directory for application authentication, a user may encounter the error below:
The intent of this article is to guide users on where to find the reply URL specified in the request and the reply URL configured in the application. Understanding the corresponding values and locations will enable users to efficiently understand and troubleshoot this issue.
Step 1: Understanding the properties displayed in the error screen.
(1) At the top of the page, the numeric value in the URL is the reply URL specified in the request.
(2) Towards the bottom of the page, we can see the URL configured for the application.
Step 2: Finding the reply URL specified in the request.
In the Semarchy.xml file, the reply URL is specified with the issuer. We can see that the numeric value here matches the value from the login URL above, denoted with (1).
Step 3: Finding the URL configured for the application (in Azure Active Directory).
Navigate to the Azure Active Directory portion of the Azure Portal, then go to Default Directory > App registrations > context of your Azure AD application. In the screenshot below, we can see the Application ID in Semarchy.xml is pointing to Test App. In the first screenshot below, we can see that the application is named Test App, as well as the Object ID and Application ID for Test App.
Under Endpoints in Test App, we can see the Directory (tenant) ID matches the first error in the login.microsoftonline.com URL.
Step 4: Problem Analysis and Resolution.
The Client ID value from Semarchy.xml has a corresponding value in Azure Active Directory. Client ID specifies which Azure Active Directory application holds the corresponding redirect URL. Below, we can see the actual setting for the SEMARCHYACTIVEDIRECTORYSERVICE application. Note the navigation path/context, and where the Redirect URI value is entered. Keep in mind, this issue is not related to the configured value of the Redirect URI; rather, it is related to the Client ID of the application specified in Semarchy.xml. The Client ID from Semarchy.xml needs to match the correct Application (client) ID in Azure Active Directory, as shown below. Here, the Semarchy.xml clientId value correctly matches the Application (client) ID for
The root issue is a mismatch of objects between two separate Azure Active Directory services. While Semarchy.xml is configured to use SEMARCHYACTIVEDIRECTORYSERVICE, which has an Application ID starting with 1c0b18ee-..xx, it is currently misconfigured by pointing to the Application ID for Test App (which has Application ID starting with 5994e11b-..xx). For this scenario, it should be configured to use Application ID 1c0b18ee-a7e4-450b-.xx.
The resolution is ensuring the values from Semarchy.xml correctly match the corresponding values from the Azure Active Directory application.
This can be completed by either:
a) changing the Semarchy.xml to point to the correct Application ID for
b) changing values in Test App to work with the configuration.
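The check described in Step 4, as an added example (not code from Semarchy or from the original article): given the sign-in URL from the error page and the redirect URIs of each app registration, it reports whether the requested client ID points at the wrong application. The GUIDs, URLs and the REGISTRATIONS table are constructed placeholders; the example assumes the sign-in URL carries the standard client_id and redirect_uri query parameters and compares reply URLs by exact string match.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample data: placeholder GUIDs and URLs, not values from the article.
TENANT = "00000000-0000-0000-0000-000000000000"
REGISTRATIONS = {  # typed in by hand from App registrations in the portal
    "11111111-1111-1111-1111-111111111111": {
        "name": "Test App",
        "redirect_uris": ["https://other.example.com/callback"],
    },
    "22222222-2222-2222-2222-222222222222": {
        "name": "SEMARCHYACTIVEDIRECTORYSERVICE",
        "redirect_uris": ["https://xdm.example.com/callback"],
    },
}
SAMPLE_URL = (
    "https://login.microsoftonline.com/" + TENANT + "/oauth2/authorize"
    "?client_id=11111111-1111-1111-1111-111111111111"
    "&redirect_uri=https%3A%2F%2Fxdm.example.com%2Fcallback&response_type=code"
)

def parse_authorize_url(url):
    """Extract tenant, client_id and redirect_uri from a sign-in URL."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    query = parse_qs(parts.query)  # also percent-decodes the values
    return {
        "tenant": segments[0] if segments else None,
        "client_id": query.get("client_id", [None])[0],
        "redirect_uri": query.get("redirect_uri", [None])[0],
    }

def diagnose(url, registrations, tenant):
    """Classify a reply URL mismatch from the values carried in the request."""
    req = parse_authorize_url(url)
    if req["tenant"] != tenant:
        return "wrong-tenant", None
    app = registrations.get(req["client_id"])
    if app is None:
        return "unknown-client-id", None
    if req["redirect_uri"] in app["redirect_uris"]:
        return "ok", app["name"]
    # Not on the requested app: does another registration hold this reply URL?
    for other in registrations.values():
        if req["redirect_uri"] in other["redirect_uris"]:
            return "client-id-points-to-wrong-app", other["name"]
    return "redirect-uri-not-registered", app["name"]

if __name__ == "__main__":
    print(diagnose(SAMPLE_URL, REGISTRATIONS, TENANT))
```

A result of client-id-points-to-wrong-app names the registration that actually holds the reply URL, which corresponds to resolution (a); redirect-uri-not-registered means no registration in the table holds it.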
Please refer to our official documentation Semarchy xDM on Azure for detailed steps on this process.